Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

With repos and workflows being infected, wouldn't a CI-only deploy not help?

The malware is modifying files and adding github workflows. If your builds are reproducible and run from committed code then the only way to add the post install script is if the maintainer reviews and accepts the commit that adds it. Similarly with the github workflow branch.

And if your CI is building and releasing in a sandboxed hermetic environment, then the sandboxes that build and release don't need credentials like AWS_ACCESS_KEY because they can't depend on data from the network. You need credentials for deploying and signing, but they don't need to be present during build time.

> The malware is modifying files and adding github workflows. If your builds are reproducible and run from committed code

Exactly: it can simply commit its code and trigger a CI-only GitHub Actions deploy with no input from the maintainer at all.

Not from a the malicious branch.

By hypothesis the code only deploys from code committed to the main branch (or whatever the blessed branch for CI is). To create a GitHub Action that can deploy the code, the package maintainer must first manually approve and merge the malicious commit.

And the malware spreads by publishing new versions of NPM packages using credentials on the package owner's development machine. If the package owner didn't have credentials with publish access, this wouldn't spread like a worm. And if they had reproducible builds they wouldn't pull a new version of their dependencies from NPM at build time because they'd have to have pinned specific versions with specific hashes to get reproducibility.

Under these hypotheses it can spread, but only if the package owner manually pins a malicious version or manually approves a malicious commit.